## IP Intelligence Briefing: 176.31.139.17
Classification: Moderate Risk Infrastructure | Report Date: 2026-06-15
---
Executive Summary
IP 176.31.139.17 is a cloud-based infrastructure address operated by OVH in Roubaix, France, associated with the ahrefs.net domain. The IP exhibits moderate risk (score: 40) within a high-abuse density subnet (176.31.139.0/24), where 28 of 32 sibling IPs show threat activity. No active threat indicators were detected at the time of analysis.
---
Network & Ownership Profile
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Country/Region** | FR / Hauts-de-France |
| **City** | Roubaix |
| **Infrastructure Type** | CloudCompute (Cloud) |
| **Network Classification** | Hosting Provider |
| **Service Status** | Firewalled / No Services |
---
DNS Resolution & Hostname Mapping
- Primary Hostname: proxy-fr004-san17.ahrefs.net
- Domain: ahrefs.net
- PTR Record: Forward resolution confirmed
- DNSSEC: Valid
- CAA Records: Present (1 issuer)
---
Threat Indicators & Reputation
| Metric | Value |
|---|---|
| **Risk Score** | 40 (Moderate) |
| **Blacklist Count** | 0 |
| **DNSBL Listings** | 1 of 8 total lists |
| **Tor Exit Node** | No |
| **Known Attacker** | No |
| **Spam Source** | No |
| **Threat Persistence** | 0 days |
| **Campaign Correlation** | None detected |
---
Neighborhood Analysis: 176.31.139.0/24
The /24 subnet exhibits elevated abuse characteristics:
- Total Sibling IPs: 32
- Active Siblings: 6
- Threat Siblings: 28 (87.5% of active neighbors)
- Abuse Density: 0.875 (High)
- Inherited Risk: 35
- Neighbor Risk Distribution: 0 High, 31 Medium, 0 Low
Neighbor IPs show risk scores ranging from 35-50, indicating systemic risk within the subnet infrastructure.
---
Temporal History
Analysis of 18 observations indicates consistent risk posture with no significant degradation or escalation:
- Abuse Density: Consistently 0.875 (High)
- Classification: Stable "high_abuse" designation
- Network Role: Persistent CloudCompute classification
- DNS Associations: Stable ahrefs.net hostname resolution
---
Recommended Security Actions
Given the moderate risk profile and high-abuse neighborhood context, consider the following controls:
| Platform | Recommended Action |
|---|---|
| **iptables** | `iptables -A INPUT -s 176.31.139.17 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 176.31.139.17 drop` |
| **nginx** | `deny 176.31.139.17;` |
| **pfSense** | Block 176.31.139.17/32 |
| **Cloudflare WAF** | Block IP with expression: `ip.src eq 176.31.139.17` |
| **AWS WAF** | Add 176.31.139.17/32 to block list |
---
Intelligence Assessment
The IP represents legitimate cloud infrastructure for Ahrefs, but operates within a high-abuse subnet where 87.5% of active neighbors demonstrate threat indicators. The moderate risk score (40) combined with the subnet-level abuse density suggests potential shared infrastructure risk. While no direct threat activity was observed on this specific IP, the neighborhood context warrants monitoring for anomalous behavior, particularly given the high concentration of threat-sibling IPs in the /24.
Priority Level: Medium - Monitor for behavioral anomalies or subnet-wide campaigns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-fr004-san17.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-fr004-san17.ahrefs.net |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 45% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 24% | 10 | 13 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-20 17:47:25 UTC |
| Last Seen | 2026-06-28 12:10:20 UTC |
| Profile Built | 2026-06-29 06:15:54 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |